Add SslProtocols option to HttpsConnectionFilter

This commit is contained in:
Master T 2015-11-14 12:53:29 +01:00
parent bd30f28dfd
commit bed8c67181
2 changed files with 8 additions and 3 deletions

View File

@ -18,6 +18,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
private readonly ClientCertificateMode _clientCertMode; private readonly ClientCertificateMode _clientCertMode;
private readonly ClientCertificateValidationCallback _clientValidationCallback; private readonly ClientCertificateValidationCallback _clientValidationCallback;
private readonly IConnectionFilter _previous; private readonly IConnectionFilter _previous;
private readonly SslProtocols _sslProtocols;
private X509Certificate2 _clientCert; private X509Certificate2 _clientCert;
public HttpsConnectionFilter(HttpsConnectionFilterOptions options, IConnectionFilter previous) public HttpsConnectionFilter(HttpsConnectionFilterOptions options, IConnectionFilter previous)
@ -34,6 +35,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
_serverCert = options.ServerCertificate; _serverCert = options.ServerCertificate;
_clientCertMode = options.ClientCertificateMode; _clientCertMode = options.ClientCertificateMode;
_clientValidationCallback = options.ClientCertificateValidation; _clientValidationCallback = options.ClientCertificateValidation;
_sslProtocols = options.SslProtocols;
_previous = previous; _previous = previous;
} }
@ -47,7 +49,8 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
if (_clientCertMode == ClientCertificateMode.NoCertificate) if (_clientCertMode == ClientCertificateMode.NoCertificate)
{ {
sslStream = new SslStream(context.Connection); sslStream = new SslStream(context.Connection);
await sslStream.AuthenticateAsServerAsync(_serverCert); await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: false,
enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
} }
else else
{ {
@ -89,8 +92,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
return true; return true;
}); });
await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: true, await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: true,
enabledSslProtocols: SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
checkCertificateRevocation: false);
} }
context.Connection = sslStream; context.Connection = sslStream;
} }

View File

@ -1,6 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved. // Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
namespace Microsoft.AspNet.Server.Kestrel.Https namespace Microsoft.AspNet.Server.Kestrel.Https
@ -10,10 +11,12 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
public HttpsConnectionFilterOptions() public HttpsConnectionFilterOptions()
{ {
ClientCertificateMode = ClientCertificateMode.NoCertificate; ClientCertificateMode = ClientCertificateMode.NoCertificate;
SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
} }
public X509Certificate2 ServerCertificate { get; set; } public X509Certificate2 ServerCertificate { get; set; }
public ClientCertificateMode ClientCertificateMode { get; set; } public ClientCertificateMode ClientCertificateMode { get; set; }
public ClientCertificateValidationCallback ClientCertificateValidation { get; set; } public ClientCertificateValidationCallback ClientCertificateValidation { get; set; }
public SslProtocols SslProtocols { get; set; }
} }
} }